Virus May Have Caused Unusual Breach

Beth Israel Deaconess Medical Center in Boston is notifying more than 2,000 of its patients about an unusual potential health information breach incident involving a computer virus that transmitted data to an unknown location.

The hospital reports in a website statement that a computer service vendor, which it declined to identify, recently failed to restore proper security controls on a computer after performing maintenance on it. The device, which was located in a locked room, was later found to be infected with the virus.

John Halamka, the hospital's CIO, told PHIPrivacy.net that the virus encrypted the data that it transmitted. "The reason we are reporting it is that we are not sure that a breach occurred, but because a virus sent some data from the radiology device to some location, we wanted to be very conservative and report a possible breach."

The computer did not contain patient's Social Security numbers or financial information. It did, however, contain patient names, medical records numbers, birth dates and the names and dates of radiology procedures that patients had undergone.

Beth Israel Deaconess "shut down the computer immediately upon learning that it was infected with a computer virus," Halamka said in the website statement. "The computer was cleaned and all software re-installed to ensure the virus was no longer present. Updated security controls were also installed and activated to prevent viruses from being installed."

Halamka also said Beth Israel Deaconess "worked closely with its vendor representative to ensure that an incident such as this does not re-occur."

Under the HITECH Act breach notification rule, breaches must be reported to the individuals affected as well as the Department of Health and Human Services' Office for Civil Rights.

About the Author

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.